diff options
| author | Holger Hans Peter Freyther <zecke@selfish.org> | 2012-09-04 20:42:20 +0200 |
|---|---|---|
| committer | Holger Hans Peter Freyther <zecke@selfish.org> | 2012-09-11 16:23:31 +0200 |
| commit | ffd6856249ae3de42d17a2146a3c03e0597b2c53 (patch) | |
| tree | 662364363194c33853eda6aa05fd3145c32c77de /openbsc/src/gprs/gb_proxy.c | |
| parent | 7a7c2f85679bae57d17e43c3f8595d98f4ee629b (diff) | |
gbproxy: Address two unaligned memory access warnings
The lines 461 and 303 were producing unaligned memory access as
the BVCI was not aligned properly. Introduce a tlvp_val16_unal to
read 16bit from the data, use memcpy to the stack to make sure
that it is working in the aligned and unaligned case.
Diffstat (limited to 'openbsc/src/gprs/gb_proxy.c')
| -rw-r--r-- | openbsc/src/gprs/gb_proxy.c | 22 |
1 files changed, 14 insertions, 8 deletions
diff --git a/openbsc/src/gprs/gb_proxy.c b/openbsc/src/gprs/gb_proxy.c index be361e1d9..69dde3d77 100644 --- a/openbsc/src/gprs/gb_proxy.c +++ b/openbsc/src/gprs/gb_proxy.c @@ -39,6 +39,13 @@ #include <openbsc/debug.h> #include <openbsc/gb_proxy.h> +static uint16_t tlvp_val16_unal(const struct tlv_parsed *tp, int pos) +{ + uint16_t res; + memcpy(&res, TLVP_VAL(tp, pos), sizeof(res)); + return res; +} + struct gbprox_peer { struct llist_head list; @@ -306,7 +313,7 @@ static int gbprox_rx_sig_from_bss(struct msgb *msg, struct gprs_nsvc *nsvc, * don't want the SGSN to reset, as the signalling endpoint * is common for all point-to-point BVCs (and thus all BTS) */ if (TLVP_PRESENT(&tp, BSSGP_IE_BVCI)) { - uint16_t bvci = ntohs(*(uint16_t *)TLVP_VAL(&tp, BSSGP_IE_BVCI)); + uint16_t bvci = ntohs(tlvp_val16_unal(&tp, BSSGP_IE_BVCI)); LOGP(DGPRS, LOGL_INFO, "NSEI=%u Rx BVC RESET (BVCI=%u)\n", nsvc->nsei, bvci); if (bvci == 0) { @@ -367,7 +374,7 @@ static int gbprox_rx_paging(struct msgb *msg, struct tlv_parsed *tp, LOGP(DGPRS, LOGL_INFO, "NSEI=%u(SGSN) BSSGP PAGING ", nsvc->nsei); if (TLVP_PRESENT(tp, BSSGP_IE_BVCI)) { - uint16_t bvci = ntohs(*(uint16_t *)TLVP_VAL(tp, BSSGP_IE_BVCI)); + uint16_t bvci = ntohs(tlvp_val16_unal(tp, BSSGP_IE_BVCI)); LOGPC(DGPRS, LOGL_INFO, "routing by BVCI to peer BVCI=%u\n", bvci); } else if (TLVP_PRESENT(tp, BSSGP_IE_ROUTEING_AREA)) { @@ -400,7 +407,7 @@ static int rx_reset_from_sgsn(struct msgb *msg, struct tlv_parsed *tp, return bssgp_tx_status(BSSGP_CAUSE_MISSING_MAND_IE, NULL, msg); } - ptp_bvci = ntohs(*(uint16_t *)TLVP_VAL(tp, BSSGP_IE_BVCI)); + ptp_bvci = ntohs(tlvp_val16_unal(tp, BSSGP_IE_BVCI)); if (ptp_bvci >= 2) { /* A reset for a PTP BVC was received, forward it to its @@ -464,7 +471,7 @@ static int gbprox_rx_sig_from_sgsn(struct msgb *msg, struct gprs_nsvc *nsvc, /* simple case: BVCI IE is mandatory */ if (!TLVP_PRESENT(&tp, BSSGP_IE_BVCI)) goto err_mand_ie; - bvci = ntohs(*(uint16_t *)TLVP_VAL(&tp, BSSGP_IE_BVCI)); + bvci = ntohs(tlvp_val16_unal(&tp, BSSGP_IE_BVCI)); rc = gbprox_relay2bvci(msg, bvci, ns_bvci); break; case BSSGP_PDUT_PAGING_PS: @@ -484,10 +491,9 @@ static int gbprox_rx_sig_from_sgsn(struct msgb *msg, struct gprs_nsvc *nsvc, "cause=0x%02x(%s) ", *TLVP_VAL(&tp, BSSGP_IE_CAUSE), bssgp_cause_str(*TLVP_VAL(&tp, BSSGP_IE_CAUSE))); if (TLVP_PRESENT(&tp, BSSGP_IE_BVCI)) { - uint16_t *bvci = (uint16_t *) - TLVP_VAL(&tp, BSSGP_IE_BVCI); + uint16_t bvci = tlvp_val16_unal(&tp, BSSGP_IE_BVCI); LOGPC(DGPRS, LOGL_NOTICE, - "BVCI=%u\n", ntohs(*bvci)); + "BVCI=%u\n", ntohs(bvci)); } else LOGPC(DGPRS, LOGL_NOTICE, "\n"); break; @@ -508,7 +514,7 @@ static int gbprox_rx_sig_from_sgsn(struct msgb *msg, struct gprs_nsvc *nsvc, case BSSGP_PDUT_BVC_UNBLOCK_ACK: if (!TLVP_PRESENT(&tp, BSSGP_IE_BVCI)) goto err_mand_ie; - bvci = ntohs(*(uint16_t *)TLVP_VAL(&tp, BSSGP_IE_BVCI)); + bvci = ntohs(tlvp_val16_unal(&tp, BSSGP_IE_BVCI)); if (bvci == 0) { LOGP(DGPRS, LOGL_NOTICE, "NSEI=%u(SGSN) BSSGP " "%sBLOCK_ACK for signalling BVCI ?!?\n", nsvc->nsei, |